Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
SSH:OVERFLOW:USERNAME-INFO-DIS |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
SSH |
Keywords |
OpenSSH sshd UserName Information Disclosure |
Release Date |
2020/01/02 |
Update Number |
3240 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
SSH: OpenSSH sshd UserName Information Disclosure
This signature detects attempts to exploit a known vulnerability against OpenSSH. A successful attack can lead to sensitive information disclosure.
Extended Description
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Affected Products
- Canonical ubuntu_linux 14.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 18.04
- Debian debian_linux 8.0
- Debian debian_linux 9.0
- Netapp aff_baseboard_management_controller -
- Netapp cloud_backup -
- Netapp clustered_data_ontap -
- Netapp cn1610_firmware -
- Netapp data_ontap -
- Netapp data_ontap_edge -
- Netapp fas_baseboard_management_controller -
- Netapp oncommand_unified_manager 9.4
- Netapp oncommand_unified_manager 9.5
- Netapp ontap_select_deploy -
- Netapp service_processor -
- Netapp steelstore_cloud_integrated_storage -
- Openbsd openssh 7.7
- Redhat enterprise_linux_desktop 6.0
- Redhat enterprise_linux_server 6.0
- Redhat enterprise_linux_workstation 6.0
References
- CVE: CVE-2018-15473